PRACTICAL -4

Aim– Configuring a Point-to-Point GRE VPN Tunnel Topology

Addressing Table
Device Interface IP Address Subnet Mask Default Gateway

WEST G0/1 172.16.1.1 255.255.255.0 N/A

S0/0/0 (DCE) 10.1.1.1 255.255.255.252 N/A

Tunnel0 172.16.12.1 255.255.255.252 N/A

ISP S0/0/0 10.1.1.2 255.255.255.252 N/A

S0/0/1 (DCE) 10.2.2.2 255.255.255.252 N/A

EAST G0/1 172.16.2.1 255.255.255.0 N/A

S0/0/1 10.2.2.1 255.255.255.252 N/A

Tunnel0 172.16.12.2 255.255.255.252 N/A

PC-A NIC 172.16.1.3 255.255.255.0 172.16.1.1

PC-C NIC 172.16.2.3 255.255.255.0 172.16.2.1

What is GRE?
  Generic routing encapsulation (GRE) is a virtual point to point link that encapsulates
data traffic in a tunnel.
 GRE encapsulates data packets and redirects them to a device that de-encapsulates
them and routes them to their final destination.
 This allows the source and destination switches to operate as if they have a virtual
point-to-point connection with each other (because the outer header applied by GRE
is transparent to the encapsulated payload packet).
 For example, GRE tunnels allow routing protocols such as RIP and OSPF to forward
data packets from one switch to another switch across the Internet. In addition, GRE
tunnels can encapsulate multicast data streams for transmission over the Internet.
 Data is routed by the system to the GRE endpoint over routes established in the route
table. (These routes can be statically configured or dynamically learned by routing
protocols such as RIP or OSPF.) When a data packet is received by the GRE
endpoint, it is de-encapsulated and routed again to its destination address.
Objectives
Part 1: Configure Basic Device Settings
Part 2: Configure a GRE Tunnel
Part 3: Enable Routing over the GRE Tunnel
Background / Scenario
Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate a variety
of network layer protocols between two locations over a public network, such as the Internet.
GRE can be used with:
- Connecting IPv6 networks over IPv4 networks
- Multicast packets, such as OSPF, EIGRP, and streaming applications
In this lab, you will configure an unencrypted point-to-point GRE VPN tunnel and verify that
network traffic is using the tunnel. You will also configure the OSPF routing protocol inside
the GRE VPN tunnel. The GRE tunnel is between the WEST and EAST routers in OSPF
area 0. The ISP has no knowledge of the GRE tunnel. Communication between the WEST
and EAST routers and the ISP is accomplished using default static routes.
Required Resources
∙ 3 Routers (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable) ∙
2 Switches (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable) ∙ 2
PCs (Windows 7, Vista, or XP with terminal emulation program, such as Tera Term) ∙
Console cables to configure the Cisco IOS devices via the console ports
∙ Ethernet and serial cables as shown in the topology
Part 1: Configure Basic Device Settings
In Part 1, you will set up the network topology and configure basic router settings, such as the
interface IP addresses, routing, device access, and passwords.
Step 1: Cable the network as shown in the topology.

Step 2: Initialize and reload the routers and switches.

Step 3: Configure basic settings for each router.
a. Configure the device names.
b. Apply IP addresses to Serial and Gigabit Ethernet interfaces according to the
Addressing Table and activate the physical interfaces. Do NOT configure the Tunnel0
interfaces at this time.
c. Set the clock rate to 128000 for DCE serial interfaces.
Step 4: Configure default routes to the ISP router.
WEST(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.2
 EAST(config)# ip route 0.0.0.0 0.0.0.0 10.2.2.2

Step 5: Configure the PCs.

Assign IP addresses and default gateways to the PCs according to the

addressing table.
Step 6: Verify connectivity.

At this point, the PCs are unable to ping each other. Each PC should be able to ping its
default gateway. The routers are able to ping the serial interfaces of the other routers
in the topology. If not, troubleshoot until you can verify connectivity.

Step 7: Save your running configuration.

Part 2: Configure a GRE Tunnel
In Part 2, you will configure a GRE tunnel between the WEST and EAST routers

Step 1: Configure the GRE tunnel interface.

a. Configure the tunnel interface on the WEST router. Use S0/0/0 on WEST as the tunnel
source interface and 10.2.2.1 as the tunnel destination on the EAST router.
WEST(config)# interface tunnel 0
WEST(config-if)# ip address 172.16.12.1 255.255.255.252
WEST(config-if)# tunnel source s0/0/0
WEST(config-if)# tunnel destination 10.2.2.1
b. Configure the tunnel interface on the EAST router. Use S0/0/1 on EAST as the tunnel
source interface and 10.1.1.1 as the tunnel destination on the WEST router.
EAST(config)# interface tunnel 0
EAST(config-if)# ip address 172.16.12.2 255.255.255.252
EAST(config-if)# tunnel source 10.2.2.1
EAST(config-if)# tunnel destination 10.1.1.1
Note: For the tunnel source command, either the interface name or the IP address
can be used as the source.

Step 2: Verify that the GRE tunnel is functional.

a. Verify the status of the tunnel interface on the WEST and EAST routers.
WEST# show ip interface brief
EAST# show ip interface brief
b. Issue the show interfaces tunnel 0 command to verify the tunneling protocol, tunnel
source, and tunnel destination used in this tunnel.
c. Ping across the tunnel from the WEST router to the EAST router using the IP address of
the tunnel interface.
WEST# ping 172.16.12.2
d. Use the traceroute command on the WEST to determine the path to the tunnel
interface on the EAST router. What is the path to the EAST router?

e. Ping and trace the route across the tunnel from the EAST router to the WEST router
using the IP address of the tunnel interface.
What is the path to the WEST router from the EAST router?
With which interfaces are these IP addresses associated? Why?

f. The ping and traceroute commands should be successful. If not, troubleshoot before
continuing to the next part.
Part 3: Enable Routing over the GRE Tunnel
In Part 3, you will configure OSPF routing so that the LANs on the WEST and EAST routers
can communicate using the GRE tunnel.
After the GRE tunnel is set up, the routing protocol can be implemented. For GRE tunneling,
a network statement will include the IP network of the tunnel, instead of the network
associated with the serial interface. just like you would with other interfaces, such as Serial
and Ethernet. Remember that the ISP router is not participating in this routing process.
Step 1: Configure OSPF routing for area 0 over the tunnel.
a. Configure OSPF process ID 1 using area 0 on the WEST router for the 172.16.1.0/24 and
172.16.12.0/24 networks.
WEST(config)# router ospf 1
WEST(config-router)# network 172.16.1.0 0.0.0.255 area 0
WEST(config-router)# network 172.16.12.0 0.0.0.3 area 0
b. Configure OSPF process ID 1 using area 0 on the EAST router for the 172.16.2.0/24 and
172.16.12.0/24 networks.
EAST(config)# router ospf 1
EAST(config-router)# network 172.16.2.0 0.0.0.255 area 0
EAST(config-router)# network 172.16.12.0 0.0.0.3 area 0

b. From the EAST router issue the command to verify the route to 172.16.1.0/24 LAN on
the WEST router. What is the exit interface and IP address to reach the 172.16.1.0/24
network?
Step 3: Verify end-to-end connectivity.
a. Ping from PC-A to PC-C. It should be successful. If not, troubleshoot until you
have end-to-end connectivity.
Note: It may be necessary to disable the PC firewall to ping between PCs.
b. Traceroute from PC-A to PC-C. What is the path from PC-A to PC-C?
Router Interface Summary Table
Router Interface Summary

Router Ethernet Ethernet Serial Serial Interface #2

Model Interface #1 Interface #2 Interface
#1

1800 Fast Ethernet Fast Ethernet Serial Serial 0/0/1 (S0/0/1)

0/0 0/1 0/0/0
(F0/0) (F0/1) (S0/0/0)

1900 Gigabit Gigabit Serial Serial 0/0/1 (S0/0/1)

Ethernet Ethernet 0/0/0
0/0 0/1 (G0/1) (S0/0/0)
(G0/0)

2801 Fast Ethernet Fast Ethernet Serial Serial 0/1/1 (S0/1/1)

0/0 0/1 0/1/0
(F0/0) (F0/1) (S0/1/0)

2811 Fast Ethernet Fast Ethernet Serial Serial 0/0/1 (S0/0/1)

0/0 0/1 0/0/0
(F0/0) (F0/1) (S0/0/0)

2900 Gigabit Gigabit Serial Serial 0/0/1 (S0/0/1)

Ethernet Ethernet 0/0/0
0/0 0/1 (G0/1) (S0/0/0)
(G0/0)

Note: To find out how the router is configured, look at the interfaces to identify the type of
router and how many interfaces the router has. There is no way to effectively list all the
combinations of configurations for each router class. This table includes identifiers for the
possible combinations of Ethernet and Serial interfaces in the device. The table does not
include any other type of interface, even though a specific router may contain one. An example
of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that
can be used in Cisco IOS commands to represent the interface.
Packet Tracer - Configure VTP and DTP
Topology

What is VTP?
VTP is a Layer 2 messaging protocol that was designed to manage the creation and deletion
of VLANs and maintain network-wide VLAN database consistency. Using this protocol, a
network administrator can add or delete VLANs and have those changes automatically
propagated to all other switches in the network.
Without VTP, switches do not exchange information about VLANs.
The protocol has been designed around the centralized management idea. One or more
switches are assigned the role of VTP Server.
Any updates made on these switches are sent through VTP to the other switches, which are
VTP Clients
What are the modes of VTP in networking?
There are three modes of VTP in networking, namely-
 VTP Server Mode
 VTP Client Mode
 VTP Transparent Mode

VTP Server Mode

 It allows you to add, modify and delete VLANs.
 It stored the VLAN database in NVRAM.
 The revision number (CR value) increases whenever a new VLAN is added or
deleted.
Objectives
In this activity, you will configure VTP
Background / Scenario
Scalability and management are two crucial considerations in large networks. VTP and DTP
are technologies that improve management and scalability. VLAN Trunking Protocol (VTP)
allows the switches to communicate over VLANs automatically, improving management and
scalability. Dynamic Trunking Protocol (DTP) allows the switches to automatically negotiate
and establish trunk links. DTP also improves scalability.
In this activity, you will configure a switched environment where trunks are negotiated and
formed via DTP, and VLAN information is propagated automatically through a VTP domain.

Step 1: Using Dynamic Trunk Protocol (DTP) to form trunk links

Access links transport single VLAN frames and trunk links carry frames belonging to
multiple VLANs. While trunk links can be manually configured, DTP can be used to allow
the switches to negotiate and establish trunk links automatically. DTP is very helpful in
large networks.
Configure Switches:-
show vtp status
en
conf t
hostname s1
int f0/20
switchport mode trunk
exit
vtp domain CCIE
vtp password Cisco123
vtp version 2
vtp mode server
exit
en
conf t
hostname s2
int f0/20-21
switchport mode trunk
exit
vtp domain CCIE
vtp password Cisco123
vtp version 2
vtp mode server
exit

en
conf t
hostname s3
int f0/21
switchport mode trunk
exit
vtp domain CCIE
vtp password Cisco123
vtp version 2
vtp mode server
exit

Check VLAN’S are created or not

Sh vlan
 PRACTICAL 4
Lab - Configure NAT for IPv4

Topology

Addressing Table
Device Interface IP Address Subnet Mask

R1 G0/0/0 209.165.200.230 255.255.255.248

G0/0/1 192.168.1.1 255.255.255.0

R1

R2 G0/0/0 209.165.200.225 255.255.255.248

Lo1 209.165.200.1 255.255.255.224

R2

S1 VLAN 1 192.168.1.11 255.255.255.0

S2 VLAN 1 192.168.1.12 255.255.255.0

PC-A NIC 192.168.1.2 255.255.255.0

PC-B NIC 192.168.1.3 255.255.255.0

What is NAT?
Network Address Translation (NAT) is a service that enables private IP networks to use the
internet and cloud.
NAT translates private IP addresses in an internal network to a public IP address before
packets are sent to an external network.
What is Static NAT?
Static NAT (Network Address Translation) - Static NAT (Network Address Translation) is
one-to-one mapping of a private IP address to a public IP address. Static NAT (Network
Address Translation) is useful when a network device inside a private network needs to be
accessible from internet.
What is Dynamic NAT?
Dynamic NAT (Network Address Translation) - Dynamic NAT can be defined as mapping of
a private IP address to a public IP address from a group of public IP addresses called as NAT
pool. Dynamic NAT establishes a one-to-one mapping between a private IP address to a
public IP address. Here the public IP address is taken from the pool of IP addresses
configured on the end NAT router. The public to private mapping may vary based on the
available public IP address in NAT pool.
What is PAT?
PAT (Port Address Translation) - Port Address Translation (PAT) is another type of dynamic
NAT which can map multiple private IP addresses to a single public IP address by using a
technology known as Port Address Translation.
Objectives
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Configure and verify NAT for IPv4
Part 3: Configure and verify PAT for IPv4
Part 4: Configure and verify Static NAT for IPv4

Background / Scenario
Network Address Translation (NAT) is the process where a network device, such as a
Cisco router, assigns a public address to host devices inside a private network. The
main reason to use NAT is to reduce the number of public IP addresses that an
organization uses because the number of available IPv4 public addresses is limited.
An ISP has allocated the public IP address space of 209.165.200.224/29 to a
company. This network is used to address the link between the ISP router (R2) and
the company gateway (R1). The first address (209.165.200.225) is assigned to the
g0/0/0 interface on R2 and the last address (209.165.200.230) is assigned to the
g0/0/0 interface on R1. The remaining addresses (209.165.200.226-209.165.200.229)
will be used to provide internet access to the company hosts. A default route is used
from R1 to R2. The internet is simulated by a loopback address on R2.
In this lab, you will configure various types of NAT. You will test, view, and
verify that the translations are taking place, and you will interpret the NAT/PAT
statistics to monitor the process.

Required Resources
• 2 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal
image or comparable)
• 2 Switches (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9
image or comparable)
• 2 PCs (Windows with a terminal emulation program, such as Tera
Term)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet cables as shown in the topology
 Instructions

Part 1: Build the Network and Configure Basic Device Settings

Step 1: Cable the network as shown in the topology.
Attach the devices as shown in the topology diagram and cable as necessary.

Step 2: Configure basic settings for each router.

Step 3: Configure basic settings for each switch and PC
Part 2: Configure and verify NAT for IPv4

Step 1: Configure NAT on R1 using a pool of three addresses, 209.165.200.226-

209.165.200.228.
Open configuration window
a. Configure a simple access list that defines what hosts are going to be allowed for
translation. In this case,all devices on the R1 LAN are eligible for translation.
R1(config)# access-list 1 permit 192.168.1.0 0.0.0.255
b. Create the NAT pool, and give it a name and a range of addresses to use.
R1(config)# ip nat pool PUBLIC_ACCESS 209.165.200.226 209.165.200.228
netmask 255.255.255.248
Note: The netmask parameter is not an IP address delimiter. It should be the
correct subnet mask for the addresses being assigned, even if you are not using all
the subnet addresses in the pool.
c. Configure the translation, associating the ACL and Pool to the translation process.
R1(config)# ip nat inside source list 1 pool PUBLIC_ACCESS
Note: Three very important points. First, the word ‘inside’ is critical to the
operation of this kind of NAT. If you omit it, NAT will not work. Second, the list
number is the ACL number configured in a previous step. Third, the pool name
is case-sensitive.
d. Define the inside interface.
R1(config)# interface g0/0/1
R1(config-if)# ip nat inside
e. Define the outside interface.
R1(config)# interface g0/0/0
R1(config-if)# ip nat outside

Step 2: Test and Verify the configuration.

a. From PC-B, ping the Lo1 interface (209.165.200.1) on R2. If the ping was
unsuccessful, troubleshoot and correct the issues. On R1, display the NAT table on
R1 with the command
show ip nat translations.

R1# show ip nat translations

b. From PC-A, ping the Lo1 interface (209.165.200.1) on R2. If the ping was
unsuccessful, troubleshoot and correct the issues. On R1, display the NAT table on
R1 with the command show ip nat translations.
 R1
# show ip nat translations

c. Notice that the previous translation for PC-B is still in the table. From S1, ping the
Lo1 interface (209.165.200.1) on R2.
If the ping was unsuccessful, troubleshoot and correct the issues. On R1, display the
NAT table on R1 with the command show ip nat translations.
 R1# show ip nat translations

d. Now try and ping R2 Lo1 from S2. This time, the translations fail, and you get these
messages (or similar) on the R1 console:

e. This is an expected result, because only 3 addresses are allocated, and we tried to
ping Lo1 from four devices. Recall that NAT is a one-to-one translation. So how
 long are the translations allocated? Issue the command show ip nat translations
verbose and you will see that the answer is for 24 hours.
R1# show ip nat translations verbose
f. Given that the pool is limited to three addresses, NAT to a pool of addresses is
not adequate for our application. Clear the NAT translations and statistics and
we will move on to PAT.
R1# clear ip nat translations

Part 3: Configure and verify PAT for IPv4

In Part 3, you will configure replace NAT with PAT to a pool of addresses,
and then with PAT using an interface.

Step 1: Remove the translation command on R1.

Open configuration window
The components of an Address Translation configuration are basically the same;
something (an access-list) to identify addresses eligible to be translated, an optionally
configured pool of addresses to translate them to, and the commands necessary to
identify the inside and outside interfaces. From Part 1, our access-list (access-list 1)
is still correct for the network scenario, so there is no need to recreate it. We are
going to use the same pool of addresses, so there is no need to recreate that
configuration either. Also, the inside and outside interfaces are not changing. To get
started in Part 3, remove the command that ties the ACL and pool together.
R1(config)# no ip nat inside source list 1 pool PUBLIC_ACCESS

Step 2: Add the PAT command on R1.

Now, configure for PAT translation to a pool of addresses (remember, the
ACL and Pool are already configured, so this is the only command we need
to change from NAT to PAT).
R1(config)# ip nat inside source list 1 pool PUBLIC_ACCESS overload
Step 3: Test and Verify the configuration.
a. Let’s verify PAT is working. From PC-B, ping the Lo1 interface (209.165.200.1) on
R2. If the ping was unsuccessful, troubleshoot and correct the issues. On R1, display
the NAT table on R1 with the command show ip nat translations.

R1# show ip nat translations

b. From PC-A, ping the Lo1 interface (209.165.200.1) on R2. If the ping was
unsuccessful, troubleshoot and correct the issues. On R1, display the NAT table on
R1 with the command show ip nat translations.

R1# show ip nat translations

c. Generate traffic from multiple devices to observe PAT. On PC-A and PC-B, use the -t
parameter with the ping command to send a non-stop ping to R2’s Lo1 interface
(ping -t 209.165.200.1), then go back to R1 and issue the show ip nat translations
command:
d. PAT to a pool is a very effective solution for small-to-midsize organizations. However,
there are unused IPv4 addresses involved in this scenario. We will move to PAT with
interface overload to eliminate this waste of IPv4 addresses. Stop the pings on PC-A and
PC-B with the Control-C key combination, then clear translations and translation
statistics:
R1# clear ip nat translations *
R1# clear ip nat statistics
Step 4: On R1, remove the nat pool translation commands.
Once again, our access-list (access-list 1) is still correct for the network scenario, so
there is no need to recreate it. Also, the inside and outside interfaces are not
changing. To get started with PAT to an interface, clean up the configuration by
removing the NAT Pool and the command that ties the ACL and pool together.
R1(config)# no ip nat inside source list 1 pool PUBLIC_ACCESS
overload
R1(config)# no ip nat pool PUBLIC_ACCESS

Step 5: Add the PAT overload command by specifying the

outside interface. Add the PAT command that will cause overload
to the outside interface.
R1(config)# ip nat inside source list 1 interface g0/0/0 overload

Step 6: Test and Verify the configuration.

a. Let’s verify PAT to the interface is working. From PC-B, ping the Lo1 interface
(209.165.200.1) on R2. If the ping was unsuccessful, troubleshoot and correct the
issues. On R1, display the NAT table on R1 with the command show ip nat
translations.
 R1# show ip nat translations

b. Generate traffic from multiple devices to observe PAT. On PC-A and PC-B, use the -t
parameter with the ping command to send a non-stop ping to R2’s Lo1 interface
(ping -t 209.165.200.1). On S1 and S2, issue the privileged exec command ping
209.165.200.1 repeat 2000. Then go back to R1 and issue the show ip nat
translations command.
R1# show ip nat translations
Part 4: Configure and verify Static NAT for IPv4
In Part 4, you will configure static NAT so that PC-A is directly reachable from
the internet. PC-A will be reachable from R2 via the address 209.165.200.229.
.

Step 1: On R1, clear current translations and statistics.

Open configuration window
R1# clear ip nat translations *
R1# clear ip nat statistics

Step 2: On R1, configure the NAT command required to statically map an inside
address to an outside address.
For this step, configure a static mapping between 192.168.1.11 and
209.165.200.1 using the following command:
R1(config)# ip nat inside source static 192.168.1.2 209.165.200.229

Step 3: Test and Verify the configuration.

a. Let’s verify the Static NAT is working. On R1, display the NAT table on R1 with
the command show ip nat translations, and you should see the static mapping.
R1# show ip nat translations
b. The translation table shows the static translation is in effect. Verify this
by pinging from R2 to 209.165.200.229. The pings should work.

Note: you may have to disable the PC firewall for the pings to work.
c. On R1, display the NAT table on R1 with the command show ip nat translations,
and you should see the static mapping and the port-level translation for the
inbound pings.
R1# show ip nat translations
 This validates that the Static NAT is working.

Router Interface Summary Table

Router Ethernet Interface Ethernet Interface Serial Serial
Model #1 #2 Interface #1 Interface #2

1800 Fast Ethernet 0/0 Fast Ethernet 0/1 Serial 0/0/0 Serial 0/0/1
(F0/0) (F0/1) (S0/0/0) (S0/0/1)

1900 Gigabit Ethernet Gigabit Ethernet Serial 0/0/0 Serial 0/0/1

0/0 (G0/0) 0/1 (G0/1) (S0/0/0) (S0/0/1)

2801 Fast Ethernet 0/0 Fast Ethernet 0/1 Serial 0/1/0 Serial 0/1/1
(F0/0) (F0/1) (S0/1/0) (S0/1/1)

2811 Fast Ethernet 0/0 Fast Ethernet 0/1 Serial 0/0/0 Serial 0/0/1
(F0/0) (F0/1) (S0/0/0) (S0/0/1)

2900 Gigabit Ethernet Gigabit Ethernet Serial 0/0/0 Serial 0/0/1

0/0 (G0/0) 0/1 (G0/1) (S0/0/0) (S0/0/1)

4221 Gigabit Ethernet Gigabit Ethernet Serial 0/1/0 Serial 0/1/1

0/0/0 (G0/0/0) 0/0/1 (G0/0/1) (S0/1/0) (S0/1/1)

4300 Gigabit Ethernet Gigabit Ethernet Serial 0/1/0 Serial 0/1/1

0/0/0 (G0/0/0) 0/0/1 (G0/0/1) (S0/1/0) (S0/1/1)
 Practical 5
Aim :- Implement Inter-VLAN Networking
What is Inter-VLAN Routing.
• Inter-VLAN routing can be defined as a way to forward traffic between
different VLAN by implementing a router (ROAS, SLV, Layer 3 Switch).
• VLAN logically segments the switch into different subnets, when a router is
connected to the switch, an administrator can configure the router to forward
the traffic between the various VLANs configured on the switch.
• The user nodes in the VLANs forwards traffic to the router which then forwards
the traffic to the destination network regardless of the VLAN configured on the
switch.

Objectives:
Step 1: Build the Network and Configure Basic Device Settings
Step 2: Create VLANs and Assign Switch Ports
Step 3: Configure an 802.1Q Trunk between the Switches
Step 4: Configure Inter-VLAN Routing on the Router
Step 5: Verify Inter-VLAN Routing is working

Design the network Topology and set its configuration..

• Create the basic network design.
Step 1: Build the Network and Configure Basic Device Settings

1.1 – Assign IP address and default gateway

Step 2: Configure VLAN for each switch..
Assign interface in each VLAN
.

Step 3 : Configure an 802.1Q Trunk Between the Switches

What is trunk and its use for?
A trunk is a communication line or physical link, such as a wire or optical line,
designed to carry multiple signals simultaneously.
It is used to carry multiple VLAN’s.

Step 4: Configure Inter-VLAN (ROAS) Router on Stick .

Step 5: Verify Inter-VLAN Routing is Working
1. Ping from PC-A to its default gateway.
2. Ping from PC-A to PC-B
2. Ping from PC-A to S2.
Ping from PC-A to PC-B
.
Ping from PC-B to PC-A

Show VLAN
Show Trunk